Posted on 01/28/2004 1:10:12 PM PST by Salo
New Explorer hole could be devastating Browser users could be fooled into downloading executable files
By Kieren McCarthy, Techworld.com January 28, 2004
A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables.
A demonstration of the hole is currently on security company Secunia’s website and demonstrates that if you click on a link, and select “Open” it purports to be downloading a pdf file whereas in fact it is an HTML executable file.
It is therefore only a matter of imagination in getting people to freely download what could be an extremely dangerous worm -- like, for instance, the Doom worm currently reeking havoc across the globe.
However what is more worrying is that this hole could easily be combined with another Explorer spoofing problem discovered in December.
The previous spoofing problem allowed Explorer users to think they were visiting one site when in fact they were visiting somewhere entirely different. The implications are not only troublesome, but Microsoft’s failure to include a fix for the problem in its January patches has led many to believe it cannot be prevented.
If the same is true for this spoofing issue, then it will only be a matter of time before someone who thinks they are visiting one website and downloading one file will in fact be visiting somewhere entirely different and downloading whatever that site’s owner decides.
We also have reason to believe there is no fix. It may be that today’s flaw is identical to one found nearly three years ago by Georgi Guninski in which double-clicking a link in Explorer led you to believe you were downloading a text file but were in fact downloading a .hta file.
In both cases, the con is created by embedding a CLSID into a file name. CLSID is a long numerical string that relates to a particular COM (Component Object Model) object. COM objects are what Microsoft uses to build applications on the Internet. By doing so, any type of file can be made to look like a “trusted” file type i.e. text or pdf.
Guninski informed Microsoft in April 2001. The fact that the issue has been born afresh suggests rather heavily that the software giant has no way of preventing this from happening.
So how bad could it get? Just off the top of our heads -- suppose someone set up a fake Hutton Inquiry site today with a link to the report’s summaries -- how many people across the U.K. would download a worm this afternoon? And imagine the computers it would end up on.
The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser.
The advice is to avoid this latest hole is always save files to a folder and then look at them. On your hard drive, the file’s true nature is revealed. But this advice is nearly as practical as Microsoft telling users not to click on links to avoid being caught out by the previous spoof problem.
All in all, it does not look good. Not good at all.
The sheeple stick with what they know, even if it isn't what's best. The best line I've heard lately went like "A company stupid enough to go with Windows in the first place deserves the expense of getting hit with all these worms."
Survival of the fittest.
many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware.It's sad the FBI has to get by on old PC notebooks not even sold anymore. But when they do have the money, a mid-line iBook costs the same as the mid-line value ThinkPad (the brand the agent was using), and has a bigger hard drive.
BUMP
One thing that's of profound interest that GE continually avoids is that Microsoft once claimed that releasing its source code for review would "compromise National Security." (Their rep even said this under oath.)
Then what did Microsoft do? Microsoft gave the Red Chinese access to Windows source code!.
Isn't that innerestin'? Here we have Microsoft claiming that public release of their internals would jeopardize our nation's security, then they glibly fork it over to the Communists.
Small wonder that cretins like GE avoid the issue. Addressing it would force them to admit that Microsoft is comprised of either liars or traitors.
ROTFLMBO! Priceless. Simply priceless!
Isn't that innerestin'? Here we have Microsoft claiming that public release of their internals would jeopardize our nation's security, then they glibly fork it over to the Communists.
Small wonder that cretins like GE avoid the issue. Addressing it would force them to admit that Microsoft is comprised of either liars or traitors.
Personally, I think the truth of the matter is that they are both.
I have no idea what you are talking about. I just don't have much of significance to add to those discussions, and there aren't people on them oppenly supporting communism or it's toolset like there are on these Linux threads.
Yet you come here as some troll astroturfer for microsoft bemoaning the fact that open source is destroying Staroffice
Huh? Why would a Microsoft "troll astroturfer" (whatever that is, LOL) care if Sun got destroyed? You are so mixed up it makes absolutely no sense.
Note, that there are still folks who make candles, harnesses, and probably even buggy whips.
I don't recall those industries facing unfair foreign competition, do you?
Sure, there are plenty of people that buy American first. The fact you scoff at it is sickening.
Sure did, but Solaris typically (and formerly completely) requires a Sparc processor, which you can only get from Sun. It also is closed source code, and is completely controlled by an American company, not some likely communist from Finland. What was your point again?
"deserves"? That is clearly a post made in support of hackers over American businesses that do not conform to your way of reasoning. And don't blame me, you said it not I.
Looks like you were wrong, like usual. I exposed his points completely, if you can call them points.
One thing that's of profound interest that GE continually avoids is that Microsoft once claimed that releasing its source code for review would "compromise National Security."
Wrong again. I never avoid this topic, and freely admit it dangers national security to expose Windows code to the Chinese government, always have. But without the affect of Linux, they would have never exposed it in the first place. And a peek doesn't equal giving them the complete rights to the code inlcuding modification, distribution, and resale like Linux does. Red Hat = Red Flag. Look it up sometime.
Small wonder that cretins like GE avoid the issue.
What issue am I avoiding? Do you live in a box or something?
Since when? Your pathetic little points, which recently evolved into you chasing me around listing my posting history like a little dog chasing a Greyhound bus down the street? LOL. You got something any better, bring it too.
Just out of curiosity, how much does Redmond pay you to spin everything Microsoft does wrong into being the fault of Linux? I'm asking 'cause I find it incredibly difficult to believe that you spend this much time and effort parroting Redmond's talking points out of pure egalitarianism.
And FYI: CDE is crap, Solaris has been given away free for some time, and Red Hat is based in the U.S. Just figured you should be reminded of this since you have avoided those facts in the previous exchanges with others in this thread.
Personally, I think the truth of the matter is that they are both.
Agreed. Funny, isn't it, how Brass Buzzard tries to spin their treason into being Linux's fault? Talk about a laugh-riot...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.